Energy-efficient link-layer jamming attacks against wireless sensor network MAC protocols

A typical wireless sensor node has little protection against radio jamming. The situation becomes worse if energy-efficient jamming can be achieved by exploiting knowledge of the data link layer. Encrypting the packets may help to prevent the jammer from taking actions based on the content of the packets, but the temporal arrangement of the packets induced by the nature of the protocol might unravel patterns that the jammer can take advantage of, even when the packets are encrypted. By looking at the packet interarrival times in three representative MAC protocols, S-MAC, LMAC, and B-MAC, we derive several jamming attacks that allow the jammer to jam S-MAC, LMAC, and B-MAC energy efficiently. The jamming attacks are based on realistic assumptions. The algorithms are described in detail and simulated. The effectiveness and efficiency of the attacks are examined. In addition, we validate our simulation model by comparing its results with measurements obtained from actual implementation on our sensor node prototypes. We show that it takes little effort to implement such effective jammers, making them a realistic threat. Careful analysis of other protocols belonging to the respective categories of S-MAC, LMAC, and B-MAC reveals that those protocols are, to some extent, also susceptible to our attacks. The result of this investigation provides new insights into the security considerations of MAC protocols.

[1]  Jing Li,et al.  A bit-map-assisted energy-efficient MAC scheme for wireless sensor networks , 2004, Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004.

[2]  Guevara Noubir,et al.  Low-power DoS attacks in data wireless LANs and countermeasures , 2003, MOCO.

[3]  Guevara Noubir,et al.  On Connectivity in Ad Hoc Networks under Jamming Using Directional Antennas and Mobility , 2004, WWIC.

[4]  David J. C. MacKay,et al.  Information Theory, Inference, and Learning Algorithms , 2004, IEEE Transactions on Information Theory.

[5]  Deborah Estrin,et al.  An energy-efficient MAC protocol for wireless sensor networks , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[6]  Wenyuan Xu,et al.  Channel Surfing: Defending Wireless Sensor Networks from Interference , 2007, 2007 6th International Symposium on Information Processing in Sensor Networks.

[7]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[8]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[9]  Gregory J. Pottie,et al.  Wireless integrated network sensors: toward low-cost and robust self-organizing security networks , 1999, Other Conferences.

[10]  Yee Wei Law,et al.  Energy-efficient link-layer jamming attacks against wireless sensor network MAC protocols , 2005, TOSN.

[11]  Koen Langendoen,et al.  Link layer measurements in sensor networks , 2004, 2004 IEEE International Conference on Mobile Ad-hoc and Sensor Systems (IEEE Cat. No.04EX975).

[12]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[13]  David E. Culler,et al.  Versatile low power media access for wireless sensor networks , 2004, SenSys '04.

[14]  Sandeep S. Kulkarni,et al.  TDMA service for sensor networks , 2004, 24th International Conference on Distributed Computing Systems Workshops, 2004. Proceedings..

[15]  D. Rubin,et al.  Maximum likelihood from incomplete data via the EM - algorithm plus discussions on the paper , 1977 .

[16]  Paul J.M. Havinga,et al.  A Lightweight Medium Access Protocol (LMAC) for Wireless Sensor Networks: Reducing Preamble Transmissions and Transceiver State Switches , 2004 .

[17]  Amre El-Hoiydi Aloha with preamble sampling for sporadic traffic in ad hoc wireless sensor networks , 2002, 2002 IEEE International Conference on Communications. Conference Proceedings. ICC 2002 (Cat. No.02CH37333).

[18]  Shivakant Mishra,et al.  Decorrelating wireless sensor network traffic to inhibit traffic analysis attacks , 2006, Pervasive Mob. Comput..

[19]  Don J. Torrieri Principles of Secure Communication Systems , 1985 .

[20]  Jerzy Konorski,et al.  Multiple Access in Ad-Hoc Wireless LANs with Noncooperative Stations , 2002, NETWORKING.

[21]  Yee Wei Law,et al.  Survey and benchmark of block ciphers for wireless sensor networks , 2006, TOSN.

[22]  Moustafa Youssef,et al.  Energy-Aware TDMA-Based MAC for Sensor Networks , 2002 .

[23]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[24]  Richard A. Poisel,et al.  Modern Communications Jamming Principles and Techniques , 2003 .

[25]  Paul J.M. Havinga,et al.  Design of a low-power testbed for Wireless Sensor Networks and verification , 2003 .

[26]  Christian C. Enz,et al.  Poster abstract: wiseMAC, an ultra low power MAC protocol for the wiseNET wireless sensor network , 2003, SenSys '03.

[27]  Saurabh Ganeriwal,et al.  On Cheating in CSMA/CA Ad Hoc Networks , 2004 .

[28]  John S. Baras,et al.  Detection and prevention of MAC layer misbehavior in ad hoc networks , 2004, SASN '04.

[29]  P.J.M. Havinga,et al.  AI-LMAC: an adaptive, information-centric and lightweight MAC protocol for wireless sensor networks , 2004, Proceedings of the 2004 Intelligent Sensors, Sensor Networks and Information Processing Conference, 2004..

[30]  Marco Zuniga,et al.  Analyzing the transitional region in low power wireless links , 2004, 2004 First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks, 2004. IEEE SECON 2004..

[31]  Jennifer C. Hou,et al.  On deriving the upper bound of α-lifetime for large sensor networks , 2004, MobiHoc '04.

[32]  Mika Ståhlberg Radio Jamming Attacks Against Two Popular Mobile Networks , 2000 .

[33]  Bhaskar Krishnamachari,et al.  An adaptive energy-efficient and low-latency MAC for data gathering in wireless sensor networks , 2004, 18th International Parallel and Distributed Processing Symposium, 2004. Proceedings..

[34]  Jerry den Hartog,et al.  Link-layer jamming attacks on S-MAC , 2004, Proceeedings of the Second European Workshop on Wireless Sensor Networks, 2005..

[35]  Liesbet Van der Perre,et al.  Optimizing transmission and shutdown for energy-efficient packet scheduling in sensor networks , 2005, Proceeedings of the Second European Workshop on Wireless Sensor Networks, 2005..

[36]  Katia Obraczka,et al.  Energy-efficient collision-free medium access control for wireless sensor networks , 2003, SenSys '03.

[37]  Ian F. Akyildiz,et al.  Wireless sensor and actor networks: research challenges , 2004, Ad Hoc Networks.

[38]  Ramesh Govindan,et al.  Understanding packet delivery performance in dense wireless sensor networks , 2003, SenSys '03.

[39]  Koen Langendoen,et al.  Efficient broadcasting protocols for regular wireless sensor networks , 2003, 2003 International Conference on Parallel Processing, 2003. Proceedings..

[40]  David L. Adamy,et al.  EW 102: A Second Course in Electronic Warfare , 2004 .

[41]  Deborah Estrin,et al.  Medium access control with coordinated adaptive sleeping for wireless sensor networks , 2004, IEEE/ACM Transactions on Networking.

[42]  Henry Samueli,et al.  Analysis and design of a frequency-hopped spread-spectrum transceiver for wireless personal communications , 2000, IEEE Trans. Veh. Technol..

[43]  Nitin H. Vaidya,et al.  A Power Control MAC Protocol for Ad Hoc Networks , 2002, MobiCom '02.

[44]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[45]  Ian F. Akyildiz,et al.  Wireless sensor networks: a survey , 2002, Comput. Networks.

[46]  Y. C. Tay,et al.  Sift: A MAC Protocol for Event-Driven Wireless Sensor Networks , 2006, EWSN.

[47]  Roger L. Peterson,et al.  Introduction to Spread Spectrum Communications , 1995 .

[48]  Manuel Blum,et al.  Coin flipping by telephone a protocol for solving impossible problems , 1983, SIGA.

[49]  Srdjan Capkun,et al.  Wormhole-Based Antijamming Techniques in Sensor Networks , 2007, IEEE Transactions on Mobile Computing.

[50]  David E. Culler,et al.  Mica: A Wireless Platform for Deeply Embedded Networks , 2002, IEEE Micro.

[51]  D. Curtis Schleher,et al.  Electronic Warfare in the Information Age , 1999 .

[52]  Richard Zurawski,et al.  Embedded Systems Handbook , 2004 .

[53]  John Anderson,et al.  Wireless sensor networks for habitat monitoring , 2002, WSNA '02.

[54]  Don J. Torrieri,et al.  Fundamental limitations on repeater jamming of frequency-hopping communications , 1989, IEEE J. Sel. Areas Commun..

[55]  Wenyuan Xu,et al.  Channel surfing and spatial retreats: defenses against wireless denial of service , 2004, WiSe '04.

[56]  Nitin H. Vaidya,et al.  Detection and handling of MAC layer misbehavior in wireless networks , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..

[57]  Wenyuan Xu,et al.  The feasibility of launching and detecting jamming attacks in wireless networks , 2005, MobiHoc '05.

[58]  C. Chien,et al.  Low power TDMA in large wireless sensor networks , 2001, 2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No.01CH37277).

[59]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.